By Robert Douglas, President
$1 trillion worth of intellectual property has been stolen from American organizations in the last year. Is yours safe? Not from a cyber-thief.
Today's most dangerous thieves aren't robbing banks.
They're sitting in front of computers. Stealing data.
Cyber espionage takes many forms, uses both internal and external network channels, and is a growing risk in today's business world. A growing risk that many organizations don't take
seriously—until it's too late.
This month's WOOF! will explain what cyber espionage is. How it can affect your business. And what you can do to stop it.
What is Cyber Espionage?
Cyber espionage can be defined as: one or more outside elements breaking into an organization's network via internal weaknesses and/or external attack vectors, stealing data and using it against the organization in some way, whether by selling it for profit, trying to copy the organization's product, or damaging the organization's ability to do business.
It's a threat IT managers are (rightly) worried about. A new report estimates that cyber-thieves steal one terabyte of data every day!
What kind of data is targeted? Corporate trade secrets. Product blueprints. Source code. Military intelligence files. Passwords. Customers' personal information.
Credit card information. Social Security numbers. And more.
In October 2012, hackers broke into the South Carolina Department of Revenue and stole 3.6 million Social Security numbers, plus 16,000 credit card & debit card numbers. They could do irrevocable damage to millions with that kind of data.
And that’s just one theft among hundreds. Here are a few more organizations
that have suffered cyber-attacks in the past 2 years. You might recognize a few...
- Epsilon (Enterprise Marketing Firm)
- U.S. Environmental Protection Agency (EPA)
- Wells Fargo
- Harvard University
- The White House
But cyber-attacks don't just focus on big companies or government. According to Veracode research reports, 72% of known breaches in 2011 hit businesses with fewer than 100 employees.
50% of those businesses thought they were too small to become a target!
So if you’re a small business, remember: When it comes to cyber espionage…no one is "off the list."
What's the difference between cyber espionage and internal theft?
There are 2 differences between an employee's data theft and cyber-thieves stealing data: Primary Focus, and Place of Origin.
Internal theft (as we discussed last issue) comes from employees or contractors stealing company trade secrets.
Cyber espionage comes from external entities going after company data (sometimes using internal vulnerabilities). They’re
more agnostic with their theft – any viable data is a target.
Where Cyber Espionage Originates
Last issue I listed the 5-point strategy the White House announced in February, for stopping trade secret theft. The first point is telling, when it comes to cyber-espionage’s origin:
- Focusing diplomatic efforts to protect trade secrets through diplomatic pressure, trade policy and cooperation with international entities
- Promoting voluntary best practices by private industry to protect trade secrets
- Enhancing domestic law enforcement, including through outreach and information-sharing with the private sector
- Improving domestic legislation to combat trade secret theft
- Improving public awareness and stakeholder outreach
(Source: The National Law Review, 03-01-2013)
It shouldn't come as a surprise, then, that cyber espionage comes mostly from the following 3 entities.
Foreign Countries – Foreign government agencies & their subordinate groups may steal corporate information in order to improve their own businesses, weaken yours, or
destabilize an industry or country.
Competitors – Other companies (foreign and domestic) may employ cyber-thieves to steal information from their competition.
Professional Cyber-Thieves – Independent thieves out for profit, selling stolen data to the highest bidder.
How do Cyber-Thieves Break In?
- Hacking Attempts – Exploiting vulnerabilities in your systems (such as a weak password, an unpatched database or misconfigured router) to break into the network.
- DDoS – Stands for "Distributed Denial of Service Attack." Thieves use hundreds, even thousands of malware-infected computers to bombard a server with requests until it either crashes, or they break in. These attacks are happening
more often; Q1 2013 saw a 21.75% increase over last year.
- Malware/Phishing – Rogue applications that install themselves on your computers, harvest data and send it off for exploitation. (Note: Not all malware is intended to steal information. Some just tries to crash your systems.)
A security professional even pointed out in a recent talk that online file storage services like Dropbox could be used as a conduit to insert malware into a network and steal data!
Online chat and IM applications also support file sharing and
have become the conduit for malware and a foothold for basing attacks on your network.
Cyber-thieves often attack a large company's subcontractor in order to steal the larger company's data. Their reasoning is that the subcontractor's network security won't be as strong as the larger company's. They're usually right.
Even if a subcontractor invests in high security, thieves may still break in through brute force. They know such targets are information-rich.
We see this in U.S. businesses operating in China; one in four have experienced a breach or theft. And the number is only growing.
company’s data is your job, and your job alone. Here’s how you go about it.
How to Protect Against Cyber Espionage
Every network needs proper cyber security practices put in place. Once set up, they only require basic maintenance.
- Institute strict BYOD Policies (such as establishing a guest network and routing all employee-owned devices to use it) to prevent company data traveling outside the network unprotected.
- Patch ALL of your systems, and keep them up-to-date on their security updates.
- Configure your network security properly.
- Network Penetration Testing – Test your network for vulnerabilities (open ports, unpatched servers, exploitable openings in routers or workstations, etc.). Have an outside company perform the testing.
- Replace network hardware and servers that are more than 5 years old.
- Keep your network gear and server software up to date—upgrade before your software’s end of life date.
- Run routine network-wide software scans to see what is installed and may possibly violate your company’s security or software policies.
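One way to turn the last three checklist items (aging hardware, end-of-life software, and policy-violating installs) into a routine check is to audit a software inventory against a written policy. This is an added example, not code from the newsletter; the inventory, policy, product names and dates are all constructed, and the field names are hypothetical.

```python
"""Audit a host inventory against a security/software policy (added example)."""
from datetime import date, timedelta

# Constructed policy: approved products, minimum patched versions,
# vendor end-of-life dates, and the checklist's 5-year hardware limit.
POLICY = {
    "approved_software": {"office-suite", "antivirus", "vpn-client"},
    "minimum_version": {"antivirus": (12, 4)},            # below this = unpatched
    "end_of_life": {"server-os-2003": date(2012, 1, 1),   # constructed dates
                    "desktop-os": date(2013, 8, 1)},
    "max_hardware_age_years": 5,
    "eol_warning": timedelta(days=90),                    # upgrade before EOL
}

# Constructed inventory, as a network-wide scan might report it.
INVENTORY = [
    {"host": "fileserver01", "os": "server-os-2003", "purchased": date(2007, 3, 1),
     "software": {"antivirus": (11, 0), "office-suite": (3, 2)}},
    {"host": "workstation17", "os": "desktop-os", "purchased": date(2012, 6, 15),
     "software": {"antivirus": (12, 5), "file-sync-client": (1, 0)}},
]

TODAY = date(2013, 6, 1)  # constructed audit date


def audit_host(host, policy, today):
    """Return a list of (finding, detail) pairs for one host."""
    findings = []
    eol = policy["end_of_life"].get(host["os"])
    if eol and today >= eol:
        findings.append(("end-of-life-os", host["os"]))
    elif eol and eol - today <= policy["eol_warning"]:
        findings.append(("end-of-life-approaching", f"{host['os']} on {eol}"))
    age_years = (today - host["purchased"]).days / 365.25
    if age_years > policy["max_hardware_age_years"]:
        findings.append(("hardware-over-age", f"{age_years:.1f} years"))
    for name, version in host["software"].items():
        if name not in policy["approved_software"]:
            findings.append(("unapproved-software", name))
        minimum = policy["minimum_version"].get(name)
        if minimum and version < minimum:   # tuple comparison: (11, 0) < (12, 4)
            findings.append(("below-minimum-version", f"{name} {version}"))
    return findings


def run_audit():
    """Audit every host in the constructed inventory; returns host -> findings."""
    return {h["host"]: audit_host(h, POLICY, TODAY) for h in INVENTORY}
```

Each finding maps back to a checklist item, so the output doubles as the work list for patching, upgrading or removing the flagged items.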
No security measure is 100% effective, 100% of the time. But by following these practices, you can greatly reduce your risk of a cyber-attack.
This is Part 2 of our "Securing Your Network" content series. If you enjoyed it, please share this issue with your colleagues. They can subscribe to our mailing list and receive more
important technical information in next month's "WOOF!"